Microsoft Azure Logo

Built for Microsoft Azure

TENET provides deep, native integration with Azure through direct SDK connectivity, delivering comprehensive visibility across your entire Azure estate.

This guide provides step-by-step instructions to configure the integration using Azure app registrations and management groups, ensuring TENET has the necessary permissions.

TRY FOR FREECONTACT US

How It Works

Connect

Link your Azure tenant by creating a secure app registration with read-only permissions in minutes.

Assess

TENET automatically establishes resource usage baselines and analyzes your environment.

Act

Receive actionable insights with AI assistant-enabled remediation guidance tailored to your infrastructure.

Do you have multiple Azure tenants?

Each Azure tenant requires a separate integration. Please repeat the steps below for each of your tenants.

Step 1: Creating an app registration in the Azure Portal

1. Log into your Azure Portal
2. Search for App Registrations in the top search bar.
Search for App registrations in Azure Portal
3. Click on + New registration
Click New registration button in Azure Portal
4. Fill in the details:
  • Name: TENET
  • Redirect URI: Select a platform: Single-page application (SPA)
  • URL: https://tenet-portal.com
  • Click Register
Fill in app registration details - Name: TENET, Redirect URI: Single-page application

Step 2: Configure API Permissions

5. In the top toolbar, search for TENET (or the name you used for the app registration)
Copy Application (client) ID and Directory (tenant) ID from Azure Portal
6. Navigate to Manage → API permissions
Navigate to API permissions menu
7. Select + Add a permission → Microsoft Graph → Application permissions.
Add Microsoft Graph permissions

Please ensure that you select 'Application Permissions', as this is the type we need for the integration to work.

8. Search for and select Directory.Read.All (Enables TENET to read directory data for synchronization)

  • Click add permissions
Add Microsoft Graph permissions
9. Grant admin consent
  • Then click on Grant admin consent for [Your Tenant] and confirm selection
Grant admin consent for permissions
10. Ensure all permissions have a green check in the Status column.
Permissions status with green checkmarks

Step 3: Grant the TENET application Subscription Permissions

Note: the following steps grant TENET read access to all available subscriptions within the management group, if you wish to limit this to only specific subscriptions, you can follow the same steps but start by searching for the names of those specific subscriptions rather than Management Groups.

11. In the top toolbar, search for Management Groups
Navigate to subscription IAM
12. Select your root management group (usually Tenant Root Group).
Navigate to subscription IAM

If you are a Global Administrator but you are unable to access management groups, you can elevate your access to manage all Azure subscriptions and management groups by following these steps: Elevate access for a global admin

13. Click on Access control (IAM) → Role assignments
Navigate to subscription IAM
14. Select Reader role.

Note: This step will need to be repeated again to add Monitoring reader and Security reader roles to be completed.

Add role assignment
  • Click on the Members tab, and then + Select members.
Click Members tab and Select members
  • In the + Select Members panel, search for the name of the app registration that you created earlier, then click on it
  • Click Select at the bottom
Search for app registration in Select Members panel

Note: All 3 permissions are necessary for the application to function as intended. Ensure they are added for each subscription when not using management groups.

15. Once all permissions have been added, click Review + assign (twice) to complete
Review and assign role

Step 4: Create Client Secret

16. Return to App registrations and open your registered app

Please take note of the Application (client) ID and Directory (tenant) ID from this page - you will need to copy these across to the TENET Platform later.

Application overview showing Client ID and Tenant ID
17. Navigate to Manage → Certificates & secrets → Client secrets
Navigate to Certificates & secrets
18. Click + New client secret, provide a name and expiry, and then click Add
Copy the client secret value
19. Please take note of the Value of the secret - this is the final data point you will need to copy across to the TENET Platform.
Copy the client secret value

Step 5: Add Credentials to TENET

20. Log in to TENET and navigate to Settings (tenet-portal.com/settings)

Enter a friendly Tenant Name and previously noted Tenant ID, Client ID & Client Secret then click on Start Assessment

TENET settings page - Azure Credentials

Wait for validation and initial data fetch to be completed (about 45 seconds) and you can start reviewing TENET's insights.

You're done! 🎉

Managing and Monitoring Assessments

  • TENET Assessments run automatically every 12 hours with Anomaly detection running every hour and a manual refresh option is available in the directories tab.
  • If missing permissions or invalid credentials are detected during an assessment, you'll see error messages in your TENET Platform. Adjust your permissions accordingly.

Plan Limits

  • Trial (14‑days): allows you to explore TENET with all scale features unlocked for you.
  • Scale Plan: Enables automated and on-demand assessments for a single tenant.
  • Pro Plan: Enables automated and on-demand assessments for multiple tenants simultaneously.

Ready to integrate your Azure environment?

Get up and running in minutes with TENET's native Azure integration

14-day free trial · 5 minute setup · No credit card required